const createError = require('http-errors');
const express = require('express');
const path = require('path');
const cookieParser = require('cookie-parser');
const logger = require('morgan');

const route = require('./routes');

const app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

// 利用 CORS 解决跨域
app.all('*', function (req, res, next) {
  res.header('Access-Control-Allow-Origin', '*'); // 允许任意地址访问
  res.header('Access-Control-Allow-Methods', 'GET, POST');
  res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
  next(); // 继续下一个中间件的处理
});

route(app);

// catch 404 and forward to error handler
app.use(function (req, res, next) {
  next(createError(404));
});

// error handler
app.use(function (err, req, res, next) {
  console.log('服务器500：', err);

  // set locals, only providing error in development
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};

  // token 验证失败
  if (err.name === 'UnauthorizedError') {
    res.status(401)
      .json({
        message: 'invalid token',
        error: err
      });
    return;
  }

  // render the error page
  res.status(err.status || 500);
  res.render('error');
});

module.exports = app;
